Network Security: Buffer Overflow Attacks
Joe McCarthy
Today’s Agenda
  What is Network Security?
  Why should you care?
  What is a network security attack?
  What is a buffer overflow attack?
  Where can you learn more?
  All in 30 minutes …
What is Network Security?
  Computer Security: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications)
  February 2004 http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf
  Network Security Essentials, 4/E, William Stallings, Prentice Hall, 2011
Why study Network Security?
  Multi-disciplinary
    Computer science, mathematics, psychology, sociology, politics, ethics, economics, forensics, …
  New way of thinking: security mind set
    Preventing undesirable behavior vs. enabling desirable behavior
  Personal relevance
    Keeping your personal data & devices safe
  Professional relevance
TCSS 431: Network Security
  Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E, Ed Skoudis, Tom Liston, Prentice Hall, 2006
  Network Security: Private Communication in a Public World, 2/E, Charlie Kaufman, Radia Perlman, Mike Speciner, Prentice Hall, 2002
Today’s Agenda
  1. Introduction
  2. Networking Overview
  3. Linux and UNIX Overview
  4. Windows NT/2000/XP/2003 Overview
  5. Phase 1: Reconnaissance
  6. Phase 2: Scanning
  7. Phase 3: Gaining Access Using Application & OS Attacks
       Script Kiddie Exploit Trolling
       Pragmatism for More Sophisticated Attackers
       Buffer Overflow Exploits
       Password Attacks
       Web Application Attacks
       Exploiting Browser Flaws
  8. Phase 4: Gaining Access Using Network Attacks
  9. Phase 4: Denial-of-Service Attacks
  10. Phase 4: Maintaining Access: Trojans, Backdoors & Rootkits
  11. Phase 5: Covering Tracks & Hiding
  12. Putting It All Together: Anatomy of an Attack
  13. The Future, References & Conclusions
  Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E, Skoudis & Liston, Prentice Hall, 2006
Anatomy of an Attack
  Reconnaissance: “casing the joint”
    Discovery of physical & online sensitive information
    Names, contact info (phone, email), IP addresses
    Social engineering, dumpster diving, Google
  Scanning: “trying doorknobs & windows”
    Search for openings, network topology, OS type(s)
    Wireless access points, TCP ports, routers, gateways
    Inventory of target system & possible vulnerabilities
  Gaining access: “breaking in”
    Application & OS attacks (Chapter 7)
    Stack-based & Heap-based Buffer Overflow Attacks
Brief review of Main Memory
[Figure: user view of memory and logical memory space, with Code, Data, Heap and Stack segments]
A program is a collection of segments such as:
main program,
procedure,
function,
global variables,
common block,
stack,
symbol table
http://courses.washington.edu/css430/ppt/Memory.ppt
Stack-based Buffer Overflow Attacks
C library functions considered harmful
  Frank Rubin. (March 1987) Communications of the ACM 30 (3): 195–196.
  Donald Moore, Chuck Musciano, Michael J. Liebhaber, Steven F. Lott and Lee Starr. (May 1987) Communications of the ACM 30 (5): 351–355.
  http://en.wikipedia.org/wiki/Considered_harmful
Finding stack-based buffer overflow vulnerabilities
  Examine source code (if available)
  Use debugger on executable to find exploitable library
  Apply brute force
    Inundate application with input data
    Examine stack traces after crashes
  But what would you input … & what would you look for?
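Sample program

#include <stdio.h>

void f()
{
  char s[9];                                    /* room for 8 characters plus the terminating NUL */
  printf( "_________12345678901234567890\n" );  /* column ruler: digits line up under the typed input */
  printf( "Enter s: " );
  gets( s );                                    /* no bounds check: input longer than 8 characters
                                                   overwrites the stack beyond s (gets() was removed
                                                   from the C standard in C11) */
  printf( "You entered: %s\n", s );
  return;
}

int main()
{
  f();
  return 0;
}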
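The sample program with its unbounded gets( s ) call replaced by a bounded read, as an added example that is not code from the slides. The names read_line, read_from_string, S_CAP and the status codes are hypothetical; read_line never writes more than the 9 bytes of s and reports over-long input instead of letting it reach the rest of the stack frame.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define S_CAP 9   /* same size as s[9] in the slide's sample program */

/* Status codes for read_line() (hypothetical names, not from the slides). */
enum read_status { READ_OK = 0, READ_TRUNCATED = 1, READ_EOF = 2, READ_BADARG = 3 };

/*
 * Read one line from `in` into buf[cap] without ever writing past buf.
 * The trailing newline is stripped. If the line holds more than cap-1
 * characters, the first cap-1 are kept, the rest of the line is consumed
 * and discarded (so it cannot spill into the next read), and
 * READ_TRUNCATED is returned so the caller can reject the input.
 */
enum read_status read_line(char *buf, size_t cap, FILE *in)
{
    if (buf == NULL || in == NULL || cap < 2)
        return READ_BADARG;
    if (cap > INT_MAX)
        cap = INT_MAX;              /* fgets() takes an int length */

    if (fgets(buf, (int)cap, in) == NULL) {
        buf[0] = '\0';
        return READ_EOF;            /* nothing left to read */
    }

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* whole line fit, newline included */
        return READ_OK;
    }

    /* No newline stored: the line either ended at EOF or was too long. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return READ_OK;             /* line was at most cap-1 characters */

    while ((c = fgetc(in)) != EOF && c != '\n')
        ;                           /* drain the excess input */
    return READ_TRUNCATED;
}

/* Hardened counterpart of f(): same prompt, same 9-byte buffer. */
int f(FILE *in, FILE *out)
{
    char s[S_CAP];

    fprintf(out, "Enter s: ");
    enum read_status st = read_line(s, sizeof s, in);
    if (st == READ_EOF || st == READ_BADARG)
        return -1;
    if (st == READ_TRUNCATED) {
        fprintf(out, "Input longer than %d characters; rejected.\n", S_CAP - 1);
        return 1;
    }
    fprintf(out, "You entered: %s\n", s);
    return 0;
}

/*
 * Helper for trying read_line() on constructed input: writes `input`
 * to a temporary file and reads one line back through read_line().
 */
enum read_status read_from_string(const char *input, char *buf, size_t cap)
{
    FILE *tmp = tmpfile();
    if (tmp == NULL)
        return READ_BADARG;
    fputs(input, tmp);
    rewind(tmp);
    enum read_status st = read_line(buf, cap, tmp);
    fclose(tmp);
    return st;
}

int main(void)
{
    return f(stdin, stdout) == 0 ? 0 : 1;
}
```

Typing the 26-letter alphabet at the prompt now produces the rejection message instead of a crash, because only the first 8 characters are ever stored.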
Running the program
  0x49 = “I”, 0x48 = “H”, 0x47 = “G”, 0x46 = “F”
Strategy & Structure of a “Sploit”
  “Fuzzing”
    Repeated input patterns
      AAAA… (“A” = 0x41)
      ABCDEFG…
      DEF1, DEF2, DEF3, …
  NOP (No Operation)
    0x90 on x86
    Also:
      Add 0
      Multiply by 1
      Jump to next instruction
      …
  NOP sled
Heap-based Buffer Overflow Attacks
Script Kiddies & Exploit Collections
  Attacks (exploits) are widely available
    French Security Response Team (FrSIRT) http://www.vupen.com/english/
      “Only available to trusted organizations”
    Packet Storm Security http://packetstormsecurity.org/
    Security Focus Bugtraq Archives http://www.securityfocus.com/bid
    Metasploit Project http://www.metasploit.com
  Little or no knowledge required

Buffer overflow attacks

  • 1. Network Security: Buffer Overflow Attacks Joe McCarthy
  • 2. Today’s Agenda What is Network Security? Why should you care? What is a network security attack? What is a buffer overflow attack? Where can you learn more? All in 30 minutes …
  • 3. What is Network Security? Computer Security The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications) February 2004 http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf Network Security Essentials, 4/E William Stallings Prentice Hall, 2011
  • 4. Why study Network Security? Multi-disciplinary Computer science, mathematics, psychology, sociology, politics, ethics, economics, forensics, … New way of thinking: security mind set Preventing undesirable behavior vs. enabling desirable behavior Personal relevance Keeping your personal data & devices safe Professional relevance
  • 5. TCSS 431: Network Security Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E Ed Skoudis Tom Liston Prentice Hall, 2006 Network Security: Private Communication in a Public World, 2/E Charlie Kaufman Radia Perlman Mike Speciner Prentice Hall, 2002
  • 6. Today’s Agenda 1. Introduction 2. Networking Overview 3. Linux and UNIX Overview 4. Windows NT/000/XP/00 Overview 5. Phase 1: Reconnaissance 6. Phase 2: Scanning 7. Phase 3: Gaining Access Using Application & OS Attacks (Script Kiddie Exploit Trolling; Pragmatism for More Sophisticated Attackers; Buffer Overflow Exploits; Password Attacks; Web Application Attacks; Exploiting Browser Flaws) 8. Phase 4: Gaining Access Using Network Attacks 9. Phase 4: Denial-of-Service Attacks 10. Phase 4: Maintaining Access: Trojans, Backdoors & Rootkits 11. Phase 5: Covering Tracks & Hiding 12. Putting It All Together: Anatomy of an Attack 13. The Future, References & Conclusions Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E Skoudis & Liston Prentice Hall, 2006
  • 7. Anatomy of an Attack Reconnaissance “casing the joint” Discovery of physical & online sensitive information Names, contact info (phone, email), IP addresses Social engineering, dumpster diving, Google Scanning “trying doorknobs & windows” Search for openings, network topology, OS type(s) Wireless access points, TCP ports, routers, gateways Inventory of target system & possible vulnerabilities Gaining access “breaking in” Application & OS attacks (Chapter 7) Stack-based & Heap-based Buffer Overflow Attacks
  • 10. A program is a collection of segments such as:
  • 23. C library functions considered harmful
  • 24. C library functions considered harmful Frank Rubin. (March 1987) Communications of the ACM 30 (3): 195–196. Donald Moore, Chuck Musciano, Michael J. Liebhaber, Steven F. Lott and Lee Starr. (May 1987) Communications of the ACM 30 (5): 351–355. http://en.wikipedia.org/wiki/Considered_harmful
  • 25. Finding stack-based buffer overflow vulnerabilities Examine source code (if available) Use debugger on executable to find exploitable library Apply brute force Inundate application with input data Examine stack traces after crashes But what would you input … & what would you look for?
  • 26. Sample program
        #include <stdio.h>
        void f(void)
        {
            char s[9];   /* room for 8 characters plus the terminating NUL */
            printf( "_________12345678901234567890\n" );  /* column ruler under the prompt */
            printf( "Enter s: " );
            gets( s );   /* deliberately unsafe: no bounds check (gets was removed in C11) */
            printf( "You entered: %s\n", s );
            return;
        }
        int main(void)
        {
            f();
            return 0;
        }
  • 31. Running the program 0x49 = “I”, 0x48 = “H”, 0x47 = “G”, 0x46 = “F”
  • 32. Running the program 0x49 = “I”, 0x48 = “H”, 0x47 = “G”, 0x46 = “F”
  • 33. Strategy & Structure of a “Sploit” “Fuzzing” Repeated input patterns AAAA… (“A” = 0x41) ABCDEFG… DEF1, DEF2, DEF3, … NOP (No Operation) 0x90 on x86 Also: Add 0 Multiply by 1 Jump to next instruction … NOP sled
  • 36. Script Kiddies & Exploit Collections Attacks (exploits) are widely available French Security Response Team (FrSIRT) http://www.vupen.com/english/ “Only available to trusted organizations” Packet Storm Security http://packetstormsecurity.org/ Security Focus Bugtraq Archives http://www.securityfocus.com/bid Metasploit Project http://www.metasploit.com Little or no knowledge required
  • 38. Sample Payloads Bind shell to current port Bind shell to arbitrary port Reverse shell Windows VNC Server DLL Reverse VNC DLL Inject Inject DLL into running application Create local admin user The Meterpreter (Metasploit Interpreter)
  • 41. Pros & Cons of Exploit Frameworks
  • 42. Pros & Cons of Exploit Frameworks Advantages for Attackers Reduced time Increased quality Advantages for Defenders Increased accuracy of security assessments Vulnerability scans yield many false positives (30-50%) Scan, then sploit to find “real” problems Verify IDS / IPS functionality Malfunctions, misconfiguration, pre-emptive attacks Improving management awareness “Please don’t steal this file!”
  • 43. Defenses against Buffer Overflow Attacks Safer programming StackGuard, Stack Shield Security reviews ITS4 (“It’s the Software, Stupid - Security Scanner”) RATS (Rough Auditing Tool for Security) Flawfinder
  • 44. For more information “Smashing the Stack for Fun and Profit” Aleph One, aleph1@underground.org http://www.phrack.org/issues.html?id=14&issue=49 Common Vulnerabilities & Exposures http://cve.mitre.org/cve/ Total CVEs: 45,149 Stack-based overflow vulnerabilities 1200+: IE, Safari, Firefox, Opera, RealPlayer, QuickTime, WMP, WinAmp, DB2, Excel, Access, Word, PowerPoint, OpenOffice, Eudora, Acrobat, Reader, JDK, JRE, Norton, McAfee, eTrust, RAZR Heap-based overflow vulnerabilities 900+: IE, Opera, Firefox, Thunderbird, Apache, VB, ColdFusion, Skype, PHP, Oracle, PostgreSQL, AIM, Windows Live Messenger, WordPerfect, Outlook Express, PageMaker, PowerPoint, Excel, Netscape, McAfee, DirectX, Shockwave, Subversion, QuickTime, Norton, Sophos, Kaspersky, RSA SecurID, PuTTY, iTunes, RealPlayer, WinAmp, OpenOffice, JRE, Facebook Photo Uploader ActiveX, Blackberry
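
Added example (not from the slides): the bounded-read form of the sample program on slide 26, as one instance of the "safer programming" defense on slide 43. The names read_line, demo and the LINE_* codes are this example's own, and the input string is constructed.

```c
#include <stdio.h>
#include <string.h>

#define S_SIZE 9              /* same size as s[] in the slide's f() */
enum { LINE_EOF = -1, LINE_OK = 0, LINE_TRUNCATED = 1 };  /* example's own names */

/* Bounded replacement for gets(): stores at most size-1 bytes plus a NUL.
 * Excess bytes of an overlong line are read and discarded, so they can
 * neither overwrite adjacent memory nor leak into the next read. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';                 /* the whole line fit */
        return LINE_OK;
    }
    int c, extra = 0;                        /* no newline stored: drain the rest */
    while ((c = fgetc(in)) != '\n' && c != EOF)
        extra++;
    return extra > 0 ? LINE_TRUNCATED : LINE_OK;
}

/* Run one constructed input line through read_line() with the 9-byte
 * buffer placed between guard bytes. Returns the read_line() status,
 * -2 if a guard byte was modified, -3 if no temp file could be made. */
int demo(const char *input, char *out)
{
    struct { char before; char s[S_SIZE]; char after; } frame = { 0x5A, {0}, 0x5A };
    FILE *in = tmpfile();
    if (in == NULL)
        return -3;
    fputs(input, in);
    rewind(in);
    int rc = read_line(in, frame.s, sizeof frame.s);
    fclose(in);
    if (frame.before != 0x5A || frame.after != 0x5A)
        return -2;
    memcpy(out, frame.s, S_SIZE);
    return rc;
}

int main(void)
{
    char s[S_SIZE];
    int rc = demo("ABCDEFGHIJKLMNOPQRST\n", s);   /* constructed: 20 letters */
    printf("status=%d stored=\"%s\"\n", rc, s);
    return 0;
}
```

A caller should treat LINE_TRUNCATED as an input error rather than silently using the shortened string.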